2

I'm trying to configure a trac server we are using in my team, in order to avoid an undesired behaviour. We are mainly developing free and open-source software in the team, but we sometimes need to be able to build our early prototypes as completely private.

Because of our first constraint, we want our timeline to be visible for anonymous users. But because of the seconde constraints, we want some commits to be completely hidden from the external world, i.e. we don't want anybody else than us to be able to read the message and content of some commits in the timeline.

Unfortunately, I've been unable to configure Trac the proper way to reach this behaviour untli now. I wan't find a configuration that would let me manage the Timeline content with enough accuracy.

Consequently, I would like to know if such a configuration is possible with trac.

For information, I'm using Trac 0.12.2. The installed plugins are : Trac 0.12.2 TracAccountManager 0.2.1dev-r7731 TracNav 4.1

The only permission I can see that is related to Timeline is TIMELINE_VIEW.

EDIT :

I have forgot to mention something. We don't want to loose the private commits. And we want them to display for registered users. Consequently, it's not a solution for us to remove them from the database.

EDIT 2 :

Ideally, we would like the commits' message to be displayed according to the right to read the content of our Subversion repository. The idea is that, if a commit is made on a part someone can't access, this person is not supposed to be able to read the message of the commit either.

EDIT 3 :

If we have a look in the configuration file of trac, we already can find :

permission_policies = AuthzSourcePolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy

and the authz_file variable is properly set too. Moreover, svn access to the private folders of the svn repositories can't be accessed by anonymous users.

Agemen
  • 1,525
  • 9
  • 18
  • Totally OT: Update you AccountManagerPlugin, at least to v0.3, please with a cherry on top. Your version is only too obsolete these days. The code has undergone major changes and improvements since r7731, more than 140 changesets including a lot if minor and major fixes. Thank's for considering this. (Disclosure: I'm the maintainer.) – hasienda Dec 07 '11 at 21:34
  • hasienda : I'll try to do it ;-) – Agemen Dec 08 '11 at 08:49

3 Answers3

2

You should set up authz checking for both your Subversion repository and your Trac installation. You can use the same permission file for both. For Subversion, see Path-based authorization in the SVN book. For Trac, enable and configure the trac.versioncontrol.svn_authz.AuthzSourcePolicy component.

This will allow you to have a very fine-grained control over who can access which part of the repository. Note that the implementation of AuthzSourcePolicy in Trac 0.12.2 has a few bugs that will be fixed in 0.12.3.

Remy Blank
  • 4,236
  • 2
  • 23
  • 24
  • I've edited my post. As said in the edition, we already do that, I think. – Agemen Dec 08 '11 at 09:24
  • 1
    Then you shouldn't see the changesets containing only changes to hidden files in the timeline either. And for "mixed" changesets, you should only see the changes to visible files. – Remy Blank Dec 08 '11 at 17:02
0

There are two ways of going about this :

1) You can directly edit the plugins that are running in trac, and add a module that helps you to filter these out at the code level (i.e. you can edit the behavior of the script to , say, only include commits which exclude certain key words). The timeline script is here (trac 2.4) : /usr/local/lib/python2.4/site-packages/trac/Timeline.py (here is an online diff snapshot of the source code : http://trac.edgewall.org/attachment/ticket/890/Timeline.py.diff)

2) You can remove the commits entirely - trac commits are derived from the sqlLite database (the schema is here http://trac.edgewall.org/wiki/TracDev/DatabaseSchema).

Of course, there also might be some fancy tools out there that provide a nice interface for editing the way the timeline looks.

Finally - temporarily, you can remove the timeline/roadmap entirely from the trac.ini file : http://www.gossamer-threads.com/lists/trac/users/28079

jayunit100
  • 17,388
  • 22
  • 92
  • 167
  • 2 is not a solution. We want to hide the commits to anonymous users, not loose them. And we want all the informations to be dislpayed for the registered users. Ideally, the commits' messages should be displayed according to the right to read the content of the SVN. I edit my post to add this info. – Agemen Dec 07 '11 at 12:43
0

I confess that I've virtually no experience with the repository part of Trac, even less with using a repository with a variety of permissions across it's contents.

On the subject: Configuration is certainly not enough, see rblanks answer. While I've never seen the code for that functionality, I was wrong to suggest it doesn't exist. Because it is a central place and developed/supported in Trac core this is definitely the way to go.

hasienda
  • 2,390
  • 1
  • 13
  • 16
  • Still filtering the repo timeline events by checking, if all content is accessible to anonymous/one certain user group, and decide accordingly sounds like a costly process. I'd expect a performance hit at least for a repository with big changesets, but has anyone numbers to prove me right or wrong? – hasienda Dec 18 '11 at 20:58